A Lightweight 256-Bit Hash Function for Hardware and Low-End Devices: Lesamnta-LW

  • Shoichi Hirose
  • Kota Ideguchi
  • Hidenori Kuwakado
  • Toru Owada
  • Bart Preneel
  • Hirotaka Yoshida
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6829)


This paper proposes a new lightweight 256-bit hash function Lesamnta-LW with claimed security levels of at least 2^120 with respect to collision, preimage, and second preimage attacks. We adopt the Merkle-Damgård domain extension; the compression function is constructed from a dedicated AES-based block cipher using the LW1 mode, for which a security reduction can be proven. In terms of lightweight implementations, Lesamnta-LW offers a competitive advantage over other 256-bit hash functions. Our size-optimized hardware implementation of Lesamnta-LW requires only 8.24 Kgates on 90 nm technology. Our software implementation of Lesamnta-LW requires only 50 bytes of RAM and runs fast on short messages on 8-bit CPUs.


Keywords: hash functions, lightweight cryptography, security reduction proofs





Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Shoichi Hirose (1)
  • Kota Ideguchi (2)
  • Hidenori Kuwakado (3)
  • Toru Owada (2)
  • Bart Preneel (4)
  • Hirotaka Yoshida (2, 4)

  1. Graduate School of Engineering, University of Fukui, Fukui, Japan
  2. Systems Development Laboratory, Hitachi, Ltd., Yokohama, Japan
  3. Graduate School of Engineering, Kobe University, Kobe, Japan
  4. Department of Electrical Engineering ESAT/SCD-COSIC, Katholieke Universiteit Leuven, Heverlee, Belgium
